ELECTRONIC COMMERCE TRANSACTION AUDIT SYSTEM, ELECTRONIC 
COMMERCE TRANSACTION AUDIT METHOD, AND STORAGE MEDIUM 
RECORDING ELECTRONIC COMMERCE TRANSACTION AUDIT PROGRAM 
THEREON 

BACKGROUND OF THE INVENTION

Field of the Invention 
The present invention relates to an electronic commerce transaction audit system, 
electronic commerce transaction audit method, and storage medium recording an electronic
commerce transaction audit program thereon. 

Description of the Related Art

Unexamined Japanese Patent KOKAI Publication No. H10-93557 describes a
communication audit apparatus and a communication audit method as a conventional audit 
system. FIG. 5 is a conceptual view illustrating an encryption communication system 
relating to the communication audit method and communication audit method. 

In FIG. 5, an internal network 111 is a local area network including an intra-company
network (intra-corporate network). For example, terminals installed at the respective
departments of the company, factories, sales offices and the like are connected via the
network. The internal network 111 may be a network in a predetermined unit of
organization or unit of management without being limited to the intra-company network.

An external network 112 is a network, which is provided externally when viewed
from the internal network 111. For example, in the case where the internal network is an
intra-corporate network, the external network corresponds to an outside-company network.
The Internet, which is set up throughout the world, is a typical example of the external
network 112.

A communication audit apparatus 120 uses a terminal belonging to the internal network
111 as a target to be managed. Then, the communication audit apparatus 120 supervises
information to be sent to the external network 112 from the terminal belonging to the
internal network 111. In this example, the communication audit apparatus 120 supervises
information in units of packet. Namely, based on the information about a sender and a
receiver written in the packet, the communication audit apparatus 120 supervises which
user of the internal network is the sender of the packet and which user of the external
network is the receiver. Then, the communication audit apparatus 120
collects statistical information and performs an audit on the packet based on statistical
information.

FIG. 6 illustrates the structure of TCP/IP packet as an example of packet to be
transferred. As illustrated in FIG. 6, the packet includes at least a sender address 121, a
receiver address 122, kind of protocol (port number) 123, and data content 124. In this
example, data that can specify a user as a sender (internal user) is included in the packet.
For example, the internal user can be specified by the sender address 121. The internal user
encrypts information (data content 124 in FIG. 6) using secret key cryptogram and
performs communication. A secret key used by the internal user is managed in the internal
network 111 wherein the user or a pair of the user and the transmission counterpart is used
as a key.

An explanation will be next given of the function of communication audit apparatus
120. The communication audit apparatus 120 grasps the situation of transmission of data
from the internal user to the external user through statistical processing with reference to
the sender address 121 of packet and the receiver address 122. When a predetermined
statistical quantity satisfies a predetermined condition (for example, the cumulative
quantity of transfer packets reaches more than a threshold value), the communication audit
apparatus 120 does not transfer the packet to the original receiver but decodes encrypted
information in the packet. Then, the communication audit apparatus 120 transfers the
packet to an auditor (namely, internal specific user) in order to audit the content.

FIG. 7 illustrates the outline of the audit performed by the communication audit
apparatus 120. In FIG. 7, it is assumed that user B is an internal user (for example,
employee) and user C and user D are external users (for example, outside-company users).

When receiving a packet addressed to the external user C or to the user D from the
internal user B, the communication audit apparatus 120 checks the sender address
and receiver address, which are described in the packet, and accumulates the number of
packets for every pair of sender and receiver.

FIG. 7 illustrates the status in which the packet transfer is performed to C X times, and
to D Y times, as a communication record of user B. Here, for example, it is assumed that the
above predetermined condition is set to "when the packet just received is transferred to the
destination, the number of communication times exceeds X times" (where X>Y). In this
case, when the packet is transmitted from user B to user D in the status of FIG. 7, this
packet does not satisfy the above condition. For this reason, the communication audit
apparatus 120 sends the packet to user D (the number of communication times to D results
in Y+1). On the other hand, when the packet is transmitted from user B to user C in the
status of FIG. 7, the number of communication times to C is counted up (X+1), so that this
packet satisfies the above condition. For this reason, the communication audit apparatus
120 transfers this packet to not user C but the terminal of an auditor A.

The auditor A to which the packet has been thus transferred decodes encrypted data of
the packet using the secret key specified by the sender address (or the pair of the sender
address and receiver address) to make it possible to audit the content.

Here, the secret key is managed by the terminal of auditor A, or a server directly
connected to the terminal, or other server apparatus provided in the internal network 111,
and is obtainable at the terminal of auditor A. After auditing, when there is no problem in
the content, the packet can be newly sent to the original receiver from the terminal of
auditor A. Moreover, an identifier is added to the packet and held in the communication
audit apparatus 120, and the terminal of auditor A can instruct the communication audit
apparatus 120 to specify the identifier of packet and send it to the original receiver. It is also
possible to instruct the sender of packet to send the packet to the original receiver again.

Accordingly, the predetermined condition is appropriately set, making it possible to
narrow the audit target and audit efficiently and effectively. For example, the
predetermined condition is set to the threshold value of the total number of transfer times,
making it possible to use only information, which has the specific pair of sender and
receiver whose number of transfer times is extremely high, as a target audit.

Next, an example of the internal structure of the communication audit apparatus 120
will be illustrated by FIG. 8. The communication audit apparatus 120 includes a packet
analyzer 143, transmission log obtainer 145, transmission packet statistical processor 146,
audit condition determinator 147, and mail transmitter 148. Here, in FIG. 8, a mail from B
141 indicates an encrypted mail from user B, and a packet from B 142 indicates the outline
of information included in the packet to be transmitted.

First, when the communication audit apparatus 120 receives mail (encrypted mail)
from B 141, the packet analyzer 143 detects a packet sender and receiver described in the
packet from B 142. The packet analyzer 143 also detects other information such as the kind
of protocol, data quantity, and so on as required.

Next, the transmission log obtainer 145 obtains a log for every pair of the sender and
receiver of the packet. The content of log is composed of, e.g., date and time, sender,
receiver, kind of protocol, and so on. Or, data quantity may be added thereto.

Subsequently, the transmission packet statistical processor 146 performs statistical
processing for every packet based on information sent from the transmission log obtainer 145.
Here, the transmission packet statistical processor 146 counts the number of packets for every
pair of sender and receiver. The statistical processing may be performed for every set of
sender, receiver, and kind of protocol, or the number of packets may be counted for every pair of
sender and receiver according to the specific kind of protocol. Or, statistical processing
may be performed by other various kinds of methods. Additionally, a structure having no
transmission log obtainer 145 in the communication audit apparatus 120 may be possible.
In this case, necessary data is directly given to the transmission packet statistical processor
146 from the packet analyzer 143.

Next, the audit condition determinator 147 determines whether or not a given 
statistical quantity obtained by statistical processing every packet satisfies a predetermined 
condition. 

Here, as one example, it is assumed that the given statistical quantity is the number of
transmission times n. It is also assumed that the predetermined condition is set to "the
number of transmission times n is more than threshold value N." In this case, the audit
condition determinator 147 compares the threshold value N for determining whether or not
the encrypted mail should be audited with the number of transmission times n.

In the case where the above condition is not met (N>n), the communication audit
apparatus 120 sends e-mail to the original receiver, that is, the external network 112 since
the condition to be audited is not met.

While, in the case where the above condition is met (N<n), the mail transmitter 148 of
the communication audit apparatus 120 sends this mail to the auditor A since the condition
to be audited is met. Here, in the communication audit apparatus 120, this mail may be
stored in a buffer until the packet is transmitted, and it may be relayed through the packet
analyzer 143, transmission log obtainer 145, transmission packet statistical processor 146,
audit condition determinator 147, and mail transmitter 148.

An explanation will be next given of the operation of communication audit apparatus
120 using the specific example. It is assumed that mail (encrypted mail) from B 141 is
transmitted from user B of FIG. 8 to user C. In the encrypted mail sent from user B, a packet
has a sender and receiver added as a header as illustrated in the packet from B 142 of FIG.
8.

In the communication audit apparatus 120 that has received this packet, the packet
analyzer 143 detects that the packet is one that is sent from user B and that the packet is sent
to user C, and transmits the detection result to the transmission log obtainer 145.

The transmission log obtainer 145 records a log of packet transmission in a state that
the sender and receiver are paired. In this example, the transmission log obtainer 145
records a log in which the user B has sent the packet to user C.

The communication audit apparatus 120 sends this result to the transmission packet
statistical processor 146, which counts the number of specific packets, for example, the
number of packets transmitted so far. Then, it is assumed that the counted
result is n.

The communication audit apparatus 120 sends this result n to the audit condition
determinator 147, which compares the result n with a certain threshold value N. This
threshold value is one that is predetermined by the auditor A. At this time, when n is below the
threshold value N, the communication audit apparatus 120 sends the packet to user C, that
is, external network 112.

On the other hand, when n is more than the threshold value N, the communication
audit apparatus 120 sends the encrypted mail transmitted by user B to the auditor A using
the mail transmitter 148. Here, at the same time, the communication audit apparatus 120
can report by e-mail the fact that the number of packets to user C from user B has reached
more than the threshold value N.

As a result, the auditor A decodes the encrypted mail directed to user C from user B
using a given key, so that the content can be audited. Moreover, the mail transmitter 148 of
communication audit apparatus 120 transmits a packet with a specific content, e.g., packet
having an unused port number added, to a host machine of user B. The host machine of user
B receives this specific packet at an alarm message display 149, so that an alarm message,
e.g., "An audit on encrypted mail will be carried out from now on" can be displayed on a
display of the machine used by user B. This alarm message can be implemented with
respect to each host machine by use of software, similar to an alarm system for firewall,
which is currently used.

The above has shown one example in which "the number of packets reaches more
than the threshold value" is used as a given statistical quantity and a predetermined
condition. However, it is possible to limit the range of sender as an audit target, the range of
receiver, or the range of the pair of sender and receiver. Moreover, the given condition and
predetermined statistical quantity may be set for every sender, receiver, or pair of sender
and receiver.

Furthermore, the predetermined statistical quantity may be obtained every fixed time.
For example, the number of transfer packets is cleared at the beginning of the month. Then,
it is possible to perform the comparison between the number of transfer packets and the
threshold value in the corresponding month, or it is possible to perform the comparison
between the number of transfer packets and the threshold value for past fixed time since a
given date.
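
The audit condition described above (a count n kept for every pair of sender and receiver, compared with a threshold value N, optionally limited to certain senders and cleared every month) can be sketched as follows. This is an added example, not code from the patent or the cited publication; the class names, field names and sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime


@dataclass(frozen=True)
class Packet:
    sender: str        # sender address (121 in FIG. 6)
    receiver: str      # receiver address (122)
    protocol: int      # kind of protocol / port number (123)
    when: datetime
    data: bytes = b""  # encrypted data content (124); never inspected here


@dataclass
class AuditCondition:
    default_threshold: int                               # threshold value N
    pair_thresholds: dict = field(default_factory=dict)  # optional N per (sender, receiver)
    audited_senders: frozenset = frozenset()             # empty means every sender is in scope

    def threshold_for(self, sender, receiver):
        return self.pair_thresholds.get((sender, receiver), self.default_threshold)


class CommunicationAudit:
    """Hypothetical model of the statistical processor and condition determinator."""

    def __init__(self, condition):
        self.condition = condition
        self.counts = defaultdict(int)  # (period, sender, receiver) -> n
        self.log = []                   # transmission log: date and time, sender, receiver, protocol

    @staticmethod
    def _period(when):
        # Using (year, month) as part of the key clears the count each month.
        return (when.year, when.month)

    def route(self, pkt):
        """Count the packet, then return 'auditor' or 'receiver'."""
        self.log.append((pkt.when, pkt.sender, pkt.receiver, pkt.protocol))
        key = (self._period(pkt.when), pkt.sender, pkt.receiver)
        self.counts[key] += 1           # counted up before the comparison, as in FIG. 7
        n = self.counts[key]
        in_scope = (not self.condition.audited_senders
                    or pkt.sender in self.condition.audited_senders)
        if in_scope and n > self.condition.threshold_for(pkt.sender, pkt.receiver):
            return "auditor"            # condition met: divert to auditor A
        return "receiver"               # condition not met: forward as addressed


def demo():
    # Constructed sample traffic: user B sends five packets to C and one to D
    # in March, then one more to C in April. N is 3 for every pair.
    audit = CommunicationAudit(AuditCondition(default_threshold=3))
    march_c = [Packet("B", "C", 25, datetime(2024, 3, day)) for day in range(1, 6)]
    march_d = [Packet("B", "D", 25, datetime(2024, 3, 7))]
    april_c = [Packet("B", "C", 25, datetime(2024, 4, 1))]
    return [audit.route(p) for p in march_c + march_d + april_c]


if __name__ == "__main__":
    print(demo())
```

The fourth and fifth packets to C exceed N and go to the auditor, while the April packet is forwarded because the monthly count starts again from zero.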

Still furthermore, the above has shown the case in which the packet to be audited is
transferred to the auditor. However, only the message may be transferred to the auditor
without transferring the packet to the auditor. In this case, the auditor can also audit the
packet held in the communication audit apparatus.

Still furthermore, when the internal user starts up the host machine and logs in to the
machine, it is possible to display the message, "In the case of encrypting information to
transmit encrypted information to the outside by the present system, the content of
information is sometimes decoded and audited." on the screen. This gives the alarm to the
user, making it possible to obtain an effect that psychologically suppresses such fraud that
leaks information relating to company secret to the outside to prevent such occurrence.

However, the above-explained audit system has no idea in ensuring reliability of the
auditor and system itself, and there is left a possibility that a significant record will be
leaked. Moreover, the point to be audited is the contact between the external network such
as the Internet and the internal network in the company, and it cannot be said that the
infrastructural system, which grants extremely high authorization and responsibility to the
auditor hierarchically, is established. This results in the audit having only specified
collective responsibility rather than all-inclusive audit having social responsibility. Then,
in the case where the electronic commerce transaction occupies a large distribution
percentile on the total transactions, an extremely dangerous situation will be brought
about.

Though the above-mentioned audit system performs the analysis of packet, the audit
of only one limited site is performed and the condition is set to one relating to only the site.
However, in the actual electronic commerce transaction, there is a message transfer that is
more complicated than the mail system, and the number of cases in which the
message exchange is performed between only two sites is rather small. For this reason, in
the actual electronic commerce transaction, it is necessary to grasp the wide network area
and perform an audit on the verification of event. Therefore, such an audit
cannot be implemented by the above-mentioned audit system.

Moreover, the above-mentioned audit system uses items relating to the system
structure as main audit targets, and cannot judge the content of message so that the audit
cannot be performed. For example, regarding the audit on whether or not financial dishonor
occurs, this cannot be implemented unless the content of message is correctly judged in
addition to the trace of packet. Accordingly, the aforementioned audit system cannot be
used to audit the actual electronic commerce transaction.

In recent years, the electronic commerce transaction plays an important role
increasingly, and is occupying the important position in the total transactions. For this
reason, there has been needed means, which is capable of auditing the environment of
electronic commerce transaction strictly and accurately in real time.

SUMMARY OF THE INVENTION 
The present invention has been made to solve the aforementioned problems, and it is
an object of the present invention to provide an electronic commerce transaction audit
system that is capable of improving reliability of an auditor and the system itself, electronic
commerce transaction audit method, and storage medium having an electronic commerce
transaction audit program thereon.

Moreover, it is an object of the present invention to provide an electronic commerce
transaction audit system that is capable of grasping a wide network area to perform an audit
on verification of an event, electronic commerce transaction audit method, and storage
medium having an electronic commerce transaction audit program thereon.

Still moreover, it is an object of the present invention to provide an electronic
commerce transaction audit system that is capable of judging the content of message to
perform an audit, electronic commerce transaction audit method, and storage medium
having an electronic commerce transaction audit program thereon.

Still moreover, it is an object of the present invention to provide an electronic
commerce transaction audit system, electronic commerce transaction audit method, and
storage medium having an electronic commerce transaction audit program thereon, which
are capable of auditing whether or not a computer for exchanging a message of each
participating organization including companies is mounted in such a manner that satisfies
various kinds of requirements on specifications relevant to the electronic commerce
transaction and whether or not there is a problem in the processing ability under the
environment of electronic commerce transaction implemented by a computer connected to
a network.

In order to attain the above object, according to a first aspect of the present invention,
there is provided an electronic commerce transaction audit system comprising a plurality of
electronic notarize means, connected to each other via a network, for uniformly stamping
time on all exchange messages between electronic commerce transaction entities to record
and store the stamped time, and the electronic notarize means vie with each other to take a
mutual notarization of the all exchange messages recorded and stored.

The system may further comprise transaction log collect means for automatically
collecting all exchange messages notarized and recorded by the plurality of electronic
notarize means and for verifying reliability of the all collected exchange messages,
whereby determining an event occurred in the entire network area.

Moreover, the system may further comprise log analyze means for comparing the
event occurred in the entire network area and verified and determined by the transaction log
collect means with an event grasped in advance and to be generated in the entire network
area, whereby auditing conformity with specifications on the electronic commerce
transaction between the respective electronic commerce transaction entities.

Still moreover, the system may further comprise log analyze means for obtaining time
that elapses before a response message is returned after receiving a request message in
connection with the event occurred in the entire network area and verified and determined
by the transaction log collect means, whereby auditing a respond reaction ability of each
electronic commerce transaction entity.

Still moreover, the system may further comprise log analyze means for calculating a
frequency of occurrence of an abnormal response in connection with the event occurred in
the entire network area and verified and determined by the transaction log collect means,
whereby auditing an abnormal response processing ratio of each electronic commerce
transaction entity.

Still moreover, the system may further comprise cumulative estimation control means
for recording the audit result obtained by the log analyze means to be associated with an
identifier of each electronic commerce transaction entity; and audit information service
means, when there is a provision request for audit information that has specified the
identifier of electronic commerce transaction entity, for extracting the audit result recorded
to be associated with the corresponding identifier from the cumulative estimation control
means so as to provide the extracted audit result as audit information.

According to a second aspect of the present invention, there is provided an electronic
notarizing apparatus comprising transaction log storage means for uniformly stamping
time on all exchange messages between electronic commerce transaction entities to record
and store the stamped time; notarize means for requesting other electronic notarizing
apparatus to notarize all exchange messages recorded and stored by the transaction log
storage means and for receiving a response to the corresponding request from the other
electronic notarizing apparatus; and transaction certification storage means for storing the
response received by the notarize means.
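
The notarizing apparatus of the second aspect, together with the reliability check that the transaction log collect means performs on what it gathers, can be modelled as below. This is an added example and not the patent's implementation: the certificate layout, the SHA-256 digest over the log and the use of an HMAC with keys known to the collector (a stand-in for signatures issued under the certification authority) are all assumptions, as are every name and sample message.

```python
import hashlib
import hmac
import json


def log_digest(entries):
    """SHA-256 over the canonical JSON form of a whole transaction log."""
    blob = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def cert_mac(key, cert):
    """Keyed tag over every certificate field except the tag itself."""
    fields = {k: cert[k] for k in ("subject", "notary", "time", "count", "digest")}
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Notary:
    """Hypothetical model of one electronic notarizing apparatus."""

    def __init__(self, name, key):
        self.name = name
        self._key = key              # assumption: stands in for a private signing key
        self.transaction_log = []    # transaction log storage means
        self.certifications = []     # transaction certification storage means

    def record(self, stamp, sender, receiver, body):
        # Stamp time on an exchange message, then record and store it.
        self.transaction_log.append(
            {"time": stamp, "from": sender, "to": receiver, "body": body})

    def notarize(self, subject, entries, stamp):
        # Answer a peer's request by certifying the log it presented.
        cert = {"subject": subject, "notary": self.name, "time": stamp,
                "count": len(entries), "digest": log_digest(entries)}
        cert["mac"] = cert_mac(self._key, cert)
        return cert

    def request_notarization(self, peer, stamp):
        # Request notarization from another apparatus, receive and store the response.
        cert = peer.notarize(self.name, list(self.transaction_log), stamp)
        self.certifications.append(cert)
        return cert


def verify_collected(entries, cert, notary_keys):
    """Collector-side reliability check. Returns "ok" or the reason for rejection."""
    key = notary_keys.get(cert["notary"])
    if key is None:
        return "unknown notary"
    if not hmac.compare_digest(cert_mac(key, cert), cert["mac"]):
        return "bad certification"
    covered = entries[:cert["count"]]   # entries appended later are not covered
    if len(covered) < cert["count"] or log_digest(covered) != cert["digest"]:
        return "log altered after notarization"
    return "ok"


def demo():
    # Constructed keys and messages for two notaries that certify each other.
    keys = {"notary-A": b"constructed-key-A", "notary-B": b"constructed-key-B"}
    a = Notary("notary-A", keys["notary-A"])
    b = Notary("notary-B", keys["notary-B"])
    a.record("2024-03-01T09:00:00Z", "company-A", "company-C", "order 1")
    a.record("2024-03-01T09:00:02Z", "company-C", "company-A", "order 1 accepted")
    b.record("2024-03-01T09:00:01Z", "company-A", "company-C", "order 1")
    cert_a = a.request_notarization(b, "2024-03-01T09:05:00Z")
    b.request_notarization(a, "2024-03-01T09:05:01Z")

    intact = verify_collected(a.transaction_log, cert_a, keys)
    tampered = [dict(e) for e in a.transaction_log]
    tampered[1]["body"] = "order 1 rejected"           # rewrite after the fact
    altered = verify_collected(tampered, cert_a, keys)
    forged = dict(cert_a, digest=log_digest(tampered))  # site edits the certificate too
    return intact, altered, verify_collected(tampered, forged, keys)


if __name__ == "__main__":
    print(demo())
```

Because the certificate is produced and keyed by the other notary, a site that rewrites its own log cannot also produce a matching certification.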

According to a third aspect of the present invention, there is provided an electronic
commerce transaction audit apparatus comprising log analyze means for comparing an
event occurred in the entire network area with an event grasped in advance and to be
generated in the entire network area, whereby auditing conformity with specifications on
the electronic commerce transaction between the respective electronic commerce
transaction entities.

According to a fourth aspect of the present invention, there is provided an electronic
commerce transaction audit apparatus comprising log analyze means for obtaining time
that elapses before a response message is returned after receiving a request message in
connection with an event occurred in the entire network area, whereby auditing a respond
reaction ability of each electronic commerce transaction entity.

According to a fifth aspect of the present invention, there is provided an electronic
commerce transaction audit apparatus comprising log analyze means for calculating a
frequency of occurrence of an abnormal response in connection with an event occurred in
the entire network area, whereby auditing an abnormal response processing ratio of each
electronic commerce transaction entity.

According to a sixth aspect of the present invention, there is provided an electronic
commerce transaction auditing method wherein a plurality of electronic notarize means,
which uniformly stamp time on all exchange messages between electronic commerce
transaction entities to record and store the stamped time, vie with each other to take a
mutual notarization of the all exchange messages recorded and stored via a network.

The estimation means, which is provided independently of the plurality of electronic
notarize means, may automatically collect all exchange messages recorded and stored by
the plurality of electronic notarize means and verify reliability of the all collected exchange
messages, whereby determining an event occurred in the entire network area.

Moreover, the estimation means may further compare the event occurred in the entire
network area and verified and determined with an event grasped in advance and to be
generated in the entire network area, whereby auditing conformity with specifications on
the electronic commerce transaction between the respective electronic commerce
transaction entities.

Still moreover, the estimation means may further obtain time that elapses before a
response message is returned after receiving a request message in connection with the event
occurred in the entire network area and verified and determined, whereby auditing a
respond reaction ability of each electronic commerce transaction entity.

Still moreover, the estimation means may further calculate a frequency of occurrence
of an abnormal response in connection with the event occurred in the entire network area
and verified and determined, whereby auditing an abnormal response processing ratio of
each electronic commerce transaction entity.

Still moreover, the estimation means may further record the audit result to be
associated with an identifier of each electronic commerce transaction entity, and extract the
audit result recorded to be associated with the corresponding identifier to provide the
extracted audit result as audit information when there is a provision request for audit
information that has specified the identifier of electronic commerce transaction entity.
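
The audits that the estimation means performs on the collected log (conformity with an event sequence grasped in advance, response time, abnormal response ratio, and the record kept for each entity identifier) can be sketched as one pass over the events. This is an added example, not code from the patent; the event fields, the expected sequence and the sample events are assumptions constructed for illustration, with events grouped by the Transaction Identifier mentioned for FIG. 2.

```python
from collections import defaultdict

# Event sequence "grasped in advance" for one kind of transaction (constructed).
EXPECTED = ["order", "order-ack", "invoice", "invoice-ack"]


def analyze(events, expected=EXPECTED):
    """Return (per-entity audit results, transaction ids that break the sequence)."""
    by_tx = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        by_tx[ev["txid"]].append(ev)

    stats = defaultdict(lambda: {"latencies": [], "responses": 0,
                                 "abnormal": 0, "unanswered": 0})
    nonconforming = []
    for txid, evs in by_tx.items():
        if [e["name"] for e in evs] != expected:
            nonconforming.append(txid)          # conformity audit
        pending = {}                            # (requester, responder) -> request time
        for ev in evs:
            if ev["kind"] == "request":
                pending[(ev["src"], ev["dst"])] = ev["time"]
                continue
            s = stats[ev["src"]]                # the responding entity is audited
            s["responses"] += 1
            if ev["status"] != "ok":
                s["abnormal"] += 1
            asked = pending.pop((ev["dst"], ev["src"]), None)
            if asked is not None:
                s["latencies"].append(ev["time"] - asked)
        for _requester, responder in pending:
            stats[responder]["unanswered"] += 1  # request that never got a response

    report = {}
    for entity, s in stats.items():
        lat = s["latencies"]
        report[entity] = {
            "mean_response_s": sum(lat) / len(lat) if lat else None,
            "abnormal_ratio": s["abnormal"] / s["responses"] if s["responses"] else None,
            "unanswered": s["unanswered"],
        }
    return report, sorted(nonconforming)


class CumulativeEstimation:
    """Audit results kept per entity identifier and served on request."""

    def __init__(self):
        self._by_entity = defaultdict(list)

    def record(self, period, report):
        for entity, result in report.items():
            self._by_entity[entity].append({"period": period, **result})

    def audit_information(self, entity_id):
        return list(self._by_entity.get(entity_id, []))


def _e(txid, time, src, dst, kind, name, status="ok"):
    return {"txid": txid, "time": time, "src": src, "dst": dst,
            "kind": kind, "name": name, "status": status}


# Constructed sample: T1 completes, T2 stops after an abnormal response,
# T3 is a request that is never answered. Times are seconds.
SAMPLE = [
    _e("T1", 0, "company-A", "company-C", "request", "order"),
    _e("T1", 2, "company-C", "company-A", "response", "order-ack"),
    _e("T1", 10, "company-C", "company-A", "request", "invoice"),
    _e("T1", 13, "company-A", "company-C", "response", "invoice-ack"),
    _e("T2", 100, "company-A", "company-C", "request", "order"),
    _e("T2", 109, "company-C", "company-A", "response", "order-ack", "error"),
    _e("T3", 200, "company-B", "company-C", "request", "order"),
]


def demo():
    report, nonconforming = analyze(SAMPLE)
    store = CumulativeEstimation()
    store.record("2024-03", report)
    return report, nonconforming, store.audit_information("company-C")


if __name__ == "__main__":
    print(demo())
```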

According to a seventh aspect of the present invention, there is provided an electronic
commerce transaction auditing method comprising the first step of uniformly stamping
time on all exchange messages between electronic commerce transaction entities to record
and store the stamped time; the second step of requesting other electronic notarizing
apparatus to notarize all exchange messages recorded and stored in the first step; the third
step of receiving a response to the corresponding request in the second step; and
the fourth step of storing the response received in the third step.

According to an eighth aspect of the present invention, there is provided an electronic
commerce transaction audit method wherein an event occurred in the entire network area is
compared with an event grasped in advance and to be generated in the entire network area,
whereby auditing conformity with specifications on the electronic commerce transaction
between the respective electronic commerce transaction entities.

According to a ninth aspect of the present invention, there is provided an electronic
commerce transaction audit method wherein time that elapses before a response message is
returned after receiving a request message is obtained in connection with an event occurred
in the entire network area, whereby auditing a respond reaction ability of each electronic
commerce transaction entity.

According to a tenth aspect of the present invention, there is provided an electronic
commerce transaction audit method wherein a frequency of occurrence of an abnormal
response is calculated in connection with an event occurred in the entire network area,
whereby auditing an abnormal response processing ratio of each electronic commerce
transaction entity.

According to an eleventh aspect of the present invention, there is provided a storage
medium having a computer-program recorded thereon, the storage medium causing a
computer to execute the first processing of uniformly stamping time on all exchange
messages between electronic commerce transaction entities to record and store the stamped
time; the second processing of requesting other electronic notarizing apparatus to notarize
all exchange messages recorded and stored in the first step; the third processing of
receiving a response to the corresponding request in the second step; and the fourth
processing of storing the response received in the third step.

According to a twelfth aspect of the present invention, there is provided a storage
medium having a computer-program recorded thereon, the storage medium causing a
computer to execute processing of comparing an event occurred in the entire network area
with an event grasped in advance and to be generated in the entire network area, whereby
auditing conformity with specifications on the electronic commerce transaction between
the respective electronic commerce transaction entities.

According to a thirteenth aspect of the present invention, there is provided a storage
medium having a computer-program recorded thereon, the storage medium causing a
computer to execute processing of obtaining time that elapses before a response message is
returned after receiving a request message in connection with an event occurred in the
entire network area, whereby auditing a respond reaction ability of each electronic
commerce transaction entity.

According to a fourteenth aspect of the present invention, there is provided a storage
medium having a computer-program recorded thereon, the storage medium causing a
computer to execute processing of calculating a frequency of occurrence of an abnormal
response in connection with an event occurred in the entire network area, whereby auditing
an abnormal response processing ratio of each electronic commerce transaction entity.

According to a fifteenth aspect of the present invention, there is provided a storage
medium group wherein the program recorded on the storage medium according to eleventh
to fifteenth is divided into a plurality of portions and the plurality of portions is recorded on
each of a plurality of storage mediums.

BRIEF DESCRIPTION OF THE DRAWINGS
These objects and other objects and advantages of the present invention will become
more apparent upon reading of the following detailed description and the accompanying
drawings in which:

FIG. 1 is a block diagram illustrating the structure of an electronic commerce 
transaction system of the first embodiment of the present invention; 

FIG. 2 is a view relating to a directed graph model having the array that is generated
on memory from Trace Structure with the same Transaction Identifier;

FIG. 3 is a flowchart illustrating the audit procedure according to a first embodiment
of the present invention;

FIG. 4 is a block diagram illustrating the structure of the electronic commerce
transaction audit system of a second embodiment of the present invention;

FIG. 5 is a conceptual view illustrating an encryption communication system relating 
to the conventional communication audit method and communication audit method; 

FIG. 6 is a view illustrating the structure of TCP/IP packet as an example of a
conventional packet as a transfer target;

FIG. 7 is a view illustrating the outline of audit performed by the conventional 
communication audit apparatus; and 

FIG. 8 is a view illustrating one example of the internal structure of the conventional
communication audit apparatus.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Embodiments of the present invention will be specifically explained with reference to 
the drawings accompanying herewith. 

(First embodiment) 

FIG. 1 is a block diagram illustrating the structure of an electronic commerce
transaction system of the first embodiment of the present invention. As illustrated in FIG. 1,
the electronic commerce transaction system according to this embodiment includes scope
transaction supervise sites 3 and 4, which supervise the scopes to which company groups
that carry out electronic commerce belong, inspector site 5, time stamp server 21, and
certification authority/registration authority 22.

In the present embodiment, as illustrated in FIG. 1, company A 6 and company B 7
belong to scope A 1, and company C 8 and company D 9 belong to scope B 2. In scope A 1,
names of participating companies, access destinations, service to be supported, and the like
are specifically managed by the scope A transaction supervise site 3 in scope A 1 and the
scope B transaction supervise site 4 in scope B 2, respectively.

In company A 6, an electronic commerce transaction entity 11 is included. Similarly,
an electronic commerce transaction entity 12, electronic commerce transaction entity 13,
and electronic commerce transaction entity 14 are included in company B 7, company C 8,
and company D 9, respectively. These electronic commerce transaction entities 11, 12, 13,
and 14 manage communication statuses of various kinds of messages on electronic
commerce.

The scope A transaction supervise site 3 includes a notary entity 15, transaction log 17,
and transaction certification 19. The notary entity 15 traces a message relating to electronic
commerce transaction that is carried out among the electronic commerce transaction
entities 11, 12, 13, and 14, and manages the communication status. The transaction log 17
manages all histories of the transaction that is implemented by the message relating to
electronic commerce transaction that is carried out among the electronic commerce
transaction entities 11, 12, 13, and 14. The transaction certification 19 insures the validity
of the transaction log 17.

Similarly, the scope B transaction supervise site 4 includes a notary entity 16, 
transaction log 18, and transaction certification 20 that insures the validity of transaction 
log 18. 

The inspector site 5 includes an agent for gathering transaction log 25 that collects
transaction logs 17 and 18, agent for gathering protocol standards 27, transaction logs 26,
26', 26" that are generated by duplicating the transaction logs 17 and 18, log analysis
engine 28 that analyzes transaction logs 26, 26', 26" to audit the electronic commerce
transaction entities 11, 12, 13, and 14 that the respective companies possess, inspect results
repository 31 that controls an audit result produced by the log analysis engine 28,
transaction definition table 30 to which the log analysis engine 28 refers at the auditing time,
transaction definition table 29, and audit information service 32 that provides audit
information service to each company using the above inspect results repository 31 that
controls the audit result.

An explanation will be next given of the specific processing procedure of electronic
commerce transaction system according to the present embodiment.

First, an explanation will be given of the supervision operations, which are carried out
by the scope A transaction supervise site 3 and scope B transaction supervise site 4 when
the company A 6 belonging to the scope A 1 conducts electronic commerce transaction
with the company C 8 belonging to the scope B 2.

In this case, the electronic commerce transaction entity 11, which manages
communication status of various kinds of messages on electronic commerce transaction,
transfers a time stamp request a1 to the notary entity 15 provided in the scope A transaction
supervise site 3 that first manages the scope A 1.

The time stamp request a1 has the following structural components:

Time Stamp Request::={
    Digest Of Message;
    Entity Identifier Of Sender;
    Entity Identifier Of Receiver;
    Category Of Message;
    Identifier Of Message;
    Transaction Identifier;
    Invocation Time At Sender;
    Signature Of Sender;
    Key Information;
};

Here, "Digest Of Message" in the time stamp request a1 is a resultant value obtained
by digest-calculating a request message a6, which a company A 6 will transfer to a
company C 8, according to a designated form.

"Entity Identifier Of Sender" and "Entity Identifier Of Receiver" in the time stamp
request a1 mean access points relating to the electronic commerce transaction entity 11 and
electronic commerce transaction entity 13, and they are described by URI (Uniform
Resource Identifier) which is fixed by the World Wide Web Consortium (W3C).

"Category Of Message" and "Identifier Of Message" in the time stamp request a1
specify a kind of message to be sent. The present system is not intended for only the
specific consortium typically such as RosettaNet. Thus, in connection with "Category Of
Message", an identifier of consortium that defines a message to be sent is set, and in
connection with "Identifier Of Message", a message identifier of the consortium is set. For
example, in the case where the present system is intended for RosettaNet, a character string
such as "RosettaNet" is set in "Category Of Message" and a character string, which
combines a PIP number that specifies a kind of message with the kind of message, is set in
"Identifier Of Message."

"Transaction Identifier" and "Invocation Time At Sender" in the time stamp request
a1 mean an identifier, which specifies a transaction that is implemented by the message,
and a local startup time in the electronic commerce transaction entity 11, respectively.
"Transaction Identifier" is set to have a unique value through the entirety of system, and the
same value is maintained and used until the transaction completes the operation, which is
based on the specifications after carrying out the operation. This is equivalent to
identification information in which a serial number that is managed in the site is added to an
identifier of the transaction supervise site. The log analysis engine 28 determines
compliance with the specifications on the transaction that is implemented by exchanging a
plurality of messages based on the "Transaction Identifier."

"Signature Of Sender" in the time stamp request a1 means that a signature is placed
on "Digest of Message" using a private key of the electronic commerce transaction entity
11. In contrast to this, "Key Information" in the time stamp request a1 is information
relating to a public key certification corresponding to the private key.

When receiving time request a1, the notary entity 15 transfers a time request a2 to the
time stamp server 21 such that time stamping can be made at correct time in the system.

After receiving time request a2, the time stamp server 21 transfers a time value
response a3 to the notary entity 15 in an appropriate expression form.

After receiving time value response a3, the notary entity 15 generates a reception
confirmation a4 structured as set forth below in combination with the time stamp request a1,
and stores it to the transaction log 17 while maintaining a time sequence. The reception
confirmation a4 has the following structural components:

Receive Confirmation::={
    Time Stamp Request;
    Time Stamp Value;
    Signature Of Notary Entity;
    Key Information;
};

"Time Stamp Request" in the reception confirmation a4 is equivalent to the time
stamp request a1. "Time Stamp Value" is equivalent to the value of time value response a3.

"Signature Of Notary Entity" in the reception confirmation a4 means that the above-
mentioned "Time Stamp Request" and "Time Stamp Value" are combined and a signature
is placed thereon using a private key of the notary entity 15. In contrast to this, "Key
Information" in the reception confirmation a4 is information relating to a public key
certification corresponding to the private key of notary entity 15.

Thereafter, the notary entity 15 returns a time stamp response a5, which has the same
structural components as the reception confirmation a4 and corresponds to the time stamp
request a1, to the electronic commerce transaction entity 11.

The time stamp response a5 has the following structural components:

Time Stamp Response::={
    Time Stamp Request;
    Time Stamp Value;
    Signature Of Notary Entity;
    Key Information;
};

The electronic commerce transaction entity 11 that has received the time stamp
response a5 sends a request message a6 to be transferred to the electronic commerce
transaction entity 13 in the company C 8 as a transfer destination. In this case, "Transaction
Identifier", which is a transaction specific identifier, is included in the request message a6.
At this time, the time stamp response a5 does not particularly have to be transferred.

When receiving the request message a6, the electronic commerce transaction entity
13 in the company C 8 transfers a time stamp request a7 to the notary entity 16 in the scope
B transaction supervise site 4 that manages the scope B 2.

The time stamp request a7 has the same structural components as the time stamp
request a1, and takes the following structural components:

Time Stamp Request::={
    Digest Of Message;
    Entity Identifier Of Sender;
    Entity Identifier Of Receiver;
    Category Of Message;
    Identifier Of Message;
    Transaction Identifier;
    Invocation Time At Sender;
    Signature Of Sender;
    Key Information;
};

"Digest of Message" in the time stamp request a7 is a resultant value obtained by
digest-calculating the request message, which the company A 6 has transferred to the
company C 8, according to a designated form.

"Transaction Identifier" in the time stamp request a7 means an identifier, which
specifies a transaction that is implemented by the request message a6. Since "Transaction
Identifier" is set to have a unique value through the entirety of system, this has the same
value as "Transaction Identifier" in the time stamp request a1.

"Invocation Time At Sender" in the time stamp request a7 means a local startup time
in the electronic commerce transaction entity 13.

"Signature Of Sender" in the time stamp request a7 means that a signature is placed
on the aforementioned "Digest of Message" using a private key of the electronic commerce
transaction entity 13. Accordingly, this becomes a different value from the value of
"Signature Of Sender" in the time stamp request a1. Moreover, "Key Information" in the
time stamp request a7 is information relating to a public key certification corresponding to
the private key. This also becomes a different value from the value of "Key Information" in
the time stamp request a1.

When receiving time request a7, the notary entity 16 transfers a time request a8 to the
time stamp server 21 such that time stamping can be made at correct time in the system.

After receiving time request a8, the time stamp server 21 transfers a time value
response a9 to the notary entity 16 in an appropriate expression form.

After receiving time value response a9, the notary entity 16 generates a receive
confirmation a10, which has the same structural components as the reception confirmation
a4, in combination with the time stamp request a7, and stores it to the transaction log 18
while maintaining a time sequence.

"Time Stamp Request" in the reception confirmation a10 is equivalent to the time
stamp request a7. "Time Stamp Value" is equivalent to the value of time value response a9.

Thereafter, the notary entity 16 returns a time stamp response a11, which has the same
structural components as the reception confirmation a4 and which corresponds to the time
stamp request a7, to the electronic commerce transaction entity 13.

After that, the electronic commerce transaction entity 13 carries out requested
processing to send a request message occurred in a chain reaction manner to the electronic
commerce transaction entity of the other company or return a response message
corresponding to the request message a6 to the electronic commerce transaction entity 11.
Which response message the electronic commerce transaction entity 13 should
transfer is fixed by a protocol standard that is managed by a protocol standard manage
repository site A 24 and a protocol standard manage repository site B 23.

The notary entity 15 stores the reception confirmation a4 to the transaction log 17
while maintaining the time sequence. In addition, the notary entity 16 also stores the
reception confirmation a10 to the transaction log 18 while maintaining the time sequence.

By the way, since it is necessary for notary entities 15 and 16 to ensure consistency on
notary processing, they vie with each other to take a mutual notarization of transaction log
every time interval Δ, which is predetermined among a plurality of notary entities including
notary entities 15 and 16.

For example, the notary entity 15 extracts all reception confirmations a4, including
the oldest reception confirmation a4 after previous final time T up to reception
confirmation a4 at time (T+Δ), from the transaction log 17 every time interval Δ, and
generates a transaction list a12 including them.

Transaction List::={
    Receive Confirmation [0];
    Receive Confirmation [N];
};

Thereafter, the notary entity 15 updates final time T managed on memory to time
(T+Δ). The array of components of each "Receive Confirmation" corresponds to the
receive confirmation a4.

After that, the notary entity 15 generates a transaction certification request a13 based
on the transaction list a12. The transaction certification request a13 takes the following
structural components:

Transaction Notary Request::={
    Transaction List;
    Entity Identifier Of Sender;
    Entity Identifier Of Receiver;
    Invocation Time At Sender;
    Signature Of Sender;
    Key Information;
};

"Entity Identifier Of Sender" in the transaction certification request a13 means an
access point relating to the notary entity 15 and it is described by URI (Uniform Resource
Identifier) which is fixed by the World Wide Web Consortium (W3C). Also, "Entity
Identifier Of Receiver" in the transaction certification request a13 means an access point
relating to one of the plurality of other notary entities vying with the notary entity 15 to take
a mutual notarization, and it is also described by URI (Uniform Resource Identifier) which
is fixed by the World Wide Web Consortium (W3C).

"Invocation Time At Sender" in the transaction certification request a13 means a local
startup time in the notary entity 15.

"Signature Of Sender" in the transaction certification request a13 means that
"Transaction List" is digest-calculated according to the determined form and a signature is
placed thereon using the private key of the notary entity 15. In contrast to this, "Key
Information" in the transaction certification request a13 is information relating to a public
key certification corresponding to the private key.

Here, it is assumed that one of the plurality of other notary entities vying with the
notary entity 15 to take a mutual notarization is the notary entity 16 in the scope B 2. When
receiving the transaction certification request a13 from the notary entity 15, the notary
entity 16 places a signature thereon, and returns a transaction certification response a14 to
the notary entity 15. The transaction certification response a14 takes the following
structural components:

Transaction Notary Response::={
    Transaction Notary Request;
    Entity Identifier Of Sender;
    Entity Identifier Of Receiver;
    Invocation Time At Sender;
    Signature Of Sender;
    Key Information;
};

"Entity Identifier Of Receiver" in the transaction certification response a14 means an
access point relating to the notary entity 15 and it is described by URI (Uniform Resource
Identifier) which is fixed by the World Wide Web Consortium (W3C). Also, "Entity
Identifier Of Sender" in the transaction certification request a13 means an access point
relating to one of the plurality of other notary entities vying with the notary entity 15 to take
a mutual notarization, and it is also described by URI (Uniform Resource Identifier) which
is fixed by the World Wide Web Consortium (W3C).

"Invocation Time At Sender" in the transaction certification response a14 means a
local startup time in the notary entity 16.

"Signature Of Sender" in the transaction certification response a14 means that the
structure of transaction certification request a13, that is, "Transaction Notary Request"
itself is digest-calculated according to the determined form and a signature is placed
thereon using the private key of the notary entity 16. In contrast to this, "Key Information"
in the transaction certification response a14 is information relating to a public key
certification corresponding to the private key.

When receiving the transaction certification response a14, the notary entity 15
analyzes the content and extracts necessary information items, and transfers a registration
request a15 to the transaction certification 19. The registration request a15 takes the
following structural components:

Transaction Notary Update::={
    Transaction Notary Response;
    Entity Identifier Of Sender;
    Entity Identifier Of Receiver;
    Invocation Time At Sender;
    Signature Of Sender;
    Key Information;
};

The registration request a15 is substantially equivalent to the transaction certification
response a14.

Moreover, the electronic commerce transaction audit system of the present
embodiment includes the inspector site 5. The inspector site 5 performs an automatic
collection of transaction logs from the scope A transaction supervise 3 and scope B
transaction supervise 4 and an audit based on the corresponding transaction log.

Then, an explanation will be next given of the operation to which the inspector site 5
relates.

The inspector site 5 includes the agent for gathering transaction log 25 that gains
access to the transaction log in each scope transaction supervise site periodically. In the
present embodiment, the agent for gathering transaction log 25 gains access to the
transaction log 17 and extracts a transaction log difference a16 corresponding to the
difference between the previous collection and the current collection, that is, a transaction
log between time T and time (T+Δ). The transaction log difference a16 is synchronized
with the transaction list a12, which is generated every time interval Δ, and they are
equivalent to each other. The transaction log difference a16 takes the following structural
components:

Transaction Log List::={
    Receive Confirmation [0];
    Receive Confirmation [N];
};

The array of components of each "Receive Confirmation" corresponds to the receive
confirmation a4.

When receiving the transaction log difference a16, the agent for gathering transaction
log 25 performs digest calculation of "Transaction Log List" by a determined method to
obtain the validity of the content, and transfers the result as a verification request a18 to the
notary entity 15. The verification request a18 takes the following structural components:

Transaction Verification Request::={
    Digest Of Transaction Log List;
    Signature Of Sender;
    Key Information;
};

"Digest Of Transaction Log List" in the verification request a18 is the resultant value
of the digest calculation. "Signature Of Sender" is that a signature is placed on the resultant
value of the digest calculation using a private key of the agent for gathering transaction log
25. In contrast to this, "Key Information" in the verification request a18 is information
relating to a public key certification corresponding to the private key.

When receiving the verification request a18, the notary entity 15 verifies the signature
value described in "Signature Of Sender" in its interior to confirm that the sender is the
agent for gathering transaction log 25. Next, the notary entity 15 extracts "Digest Of
Transaction Log List", which is the resultant value of digest calculation in the verification
request a18.

Subsequently, the notary entity 15 issues a reference request a19 to draw the
corresponding registration information from transaction certification 19. The transaction
certification 19 returns a reference response a20 to the notary entity 15 according to the
form, which is equivalent to the registration request a15. More specifically, since the
transaction list a12 and transaction log difference a16 are synchronized with each other, the
transaction certification 19 can return information at the corresponding time interval as a
reference response a20. The reference response a20 takes the following structural
components:

Transaction Notary Reference::={
    Transaction Notary Response;
    Entity Identifier Of Sender;
    Entity Identifier Of Receiver;
    Invocation Time At Sender;
    Signature Of Sender;
    Key Information;
};

The notary entity 15 extracts "Signature Of Sender", which is the signature of other 
notary entity such as typically notary entity 16, and "Key Information", which is public key 
certification information corresponding to the private key. 

The form of "Key Information", which is public key certification information, is not
specified, and there is a case in which a certification with X.509V3 form including the
public key itself is described and there is another case in which the access point where the
certification is obtainable is described in the form of URI (Uniform Resource Identifier). In
the latter case, the notary entity 15 issues a certification obtain request a21 to the
certification authority/registration authority 22 and obtains a certification a22 with
X.509V3 form including the public key itself.

Thereafter, the notary entity 15 decodes the extracted "Signature Of Sender" using the
public key added to the obtained certification and obtains a digest value described on the
transaction certification 19. After that, the notary entity 15 compares the corresponding
digest value with "Digest Of Transaction Log List", which is the resultant value of the
digest calculation in the verification request a18. Since the notary entity 15 exchanges the
mutual notarization with the plurality of other notary entities, the notary entity 15 provides
comparison processing of the corresponding digest value to all reference responses a20
stored in the transaction certification 19.

When it is confirmed that no difference is recognized in the comparison between the
digest value and any one of reference responses a20, the notary entity 15 returns a
verification response a23 to the agent for gathering transaction log 25. The verification
response a23 takes the following structural components:

Transaction Verification Request::={
    Boolean Verified;
};

Here, in the case where no problem is found in "Boolean Verified", "True" is returned,
and "Failure" is returned in the other cases.
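The interval extraction and digest comparison described above can be sketched as follows. This is an added example, not code from the patent: SHA-256, the JSON serialisation, and all class, function and field names are assumptions, the sample records are constructed, and the signature steps ("Signature Of Sender", "Key Information") are left out so that only the digest check is shown.

```python
import copy
import hashlib
import hmac
import json


def digest_of(confirmations):
    """Digest a list of Receive Confirmations in one canonical byte form.

    Assumption: SHA-256 over JSON with sorted keys; the text only says the
    list is digest-calculated "by a determined method".
    """
    blob = json.dumps(confirmations, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()


class NotaryEntity:
    """Keeps a transaction log and the digest registered for each interval."""

    def __init__(self, interval):
        self.interval = interval      # the predetermined time interval (delta)
        self.final_time = 0           # previous final time T
        self.transaction_log = []     # Receive Confirmations in time sequence
        self.certification = {}       # (T, T+delta) -> registered digest

    def store(self, confirmation):
        self.transaction_log.append(confirmation)
        self.transaction_log.sort(key=lambda c: c["time_stamp_value"])

    def window(self, start):
        """Receive Confirmations with T < Time Stamp Value <= T+delta."""
        end = start + self.interval
        return [c for c in self.transaction_log
                if start < c["time_stamp_value"] <= end]

    def notarize_interval(self):
        """Build the Transaction List, register its digest, advance T."""
        start = self.final_time
        transaction_list = self.window(start)
        key = (start, start + self.interval)
        self.certification[key] = digest_of(transaction_list)
        self.final_time = start + self.interval
        return transaction_list

    def verify(self, digest_of_transaction_log_list):
        """Boolean Verified: True if the digest equals any registered one."""
        return any(
            hmac.compare_digest(registered, digest_of_transaction_log_list)
            for registered in self.certification.values())


def collect_difference(notary, start):
    """Agent side: copy the log between time T and time T+delta."""
    return copy.deepcopy(notary.window(start))


def audit_copy(notary, log_difference):
    """Agent side: digest the collected copy and ask the notary to verify."""
    return notary.verify(digest_of(log_difference))


def make_confirmation(time_stamp_value, transaction_identifier, message):
    """Constructed Receive Confirmation; signature fields are omitted."""
    return {
        "time_stamp_request": {
            "digest_of_message": hashlib.sha256(message).hexdigest(),
            "entity_identifier_of_sender": "https://company-a.example/ec",
            "entity_identifier_of_receiver": "https://company-c.example/ec",
            "transaction_identifier": transaction_identifier,
        },
        "time_stamp_value": time_stamp_value,
    }


def demo():
    notary = NotaryEntity(interval=60)
    notary.store(make_confirmation(12, "scopeA-000001", b"purchase order"))
    notary.store(make_confirmation(47, "scopeA-000002", b"price inquiry"))
    notary.store(make_confirmation(75, "scopeA-000003", b"next interval"))
    notary.notarize_interval()                  # registers the first interval

    honest = collect_difference(notary, 0)
    altered = copy.deepcopy(honest)
    altered[1]["time_stamp_request"]["digest_of_message"] = "0" * 64
    shortened = honest[:-1]                     # one record silently dropped
    return (audit_copy(notary, honest),
            audit_copy(notary, altered),
            audit_copy(notary, shortened))


if __name__ == "__main__":
    print(demo())
```

Because the digest covers the whole list, both an altered field and a dropped record make the collected copy fail verification.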

When receiving the verification response a23 and confirming "True" in "Boolean
Verified", the agent for gathering transaction log 25 calls a request command a17 for
adding/generating an entry to the scope A transaction log 26 that is managed in the
inspector site 5.

The scope A transaction log 26 includes not only the transaction log difference a16
but also all receive confirmations a4, which are within a fixed valid time.

The agent for gathering transaction log 25 extracts transaction logs from all scope
transaction supervise sites in the same way, and generates scope B transaction log 26' and
transaction log 26" similar to the scope A transaction log 26.

The inspector site 5 also includes the agent for gathering protocol standards 27. The
agent for gathering protocol standards 27 extracts latest protocol descriptions a25 and a26
from the plurality of protocol standard manage repository sites 23 and 24 that manage the
protocol standard periodically. The protocol standard manage repository site A 23
corresponds to the repository of RosettaNet and a latest protocol description a25
corresponds to PIP definition. Latest information of protocol description, which is
expressed in a document form such as PIP definition, is processed by edition/maintenance
through a person since the agent for gathering protocol standards 27 has a console.

The agent for gathering protocol standards 27 issues protocol description latest
information generation commands a27 and a28 using latest protocol descriptions a25 and
a26 as arguments, thus constructing a table relating to a transaction definition table 30 and
transaction definition table 29 in the inspector site 5. The transaction definition table 30,
and transaction definition table 29 are a definition table of an automaton having the
following structural components and a message structure table group, respectively.

Transaction Definition Table::={
    Category Of Message;
    Current Status Definition;
    Input Event Category; (Message Sending, Other Event)
    Subcategory Of Message; (Input)
    Message Definition; (Input)
    Next Status Definition;
    Output Event Category; (Message Sending, Other Event)
    Subcategory Of Message; (Output)
    Message Definition; (Output)
};

Message Table::={
    Definition Of Structure in BNF;
};

"Category Of Message" in "Transaction Definition Table" means the kind of message
to be exchanged, and this corresponds to, for example, RosettaNet. "Current Status
Definition" and "Next Status Definition" in "Transaction Definition Table" mean statuses
that the electronic commerce transaction entities 11, 12, 13 and 14 can obtain during the
procedure of communication of various kinds of messages in view of software. Specifically,
"Current Status Definition" indicates the status before transition and "Next Status
Definition" indicates the status after transition.

"Input Event Category" and "Output Event Category" in "Transaction Definition
Table" mean all events that the electronic commerce transaction entities 11, 12, 13 and 14
can accept during the procedure of communication of various kinds of messages.
Specifically, "Input Event Category" defines an event that may give rise to a status
transition and "Output Event Category" defines an event that results from the status
transition.

"Subcategory Of Message" and "Message Definition" in "Transaction Definition
Table" define the specific kind of message and the construction, respectively.

"Message Table" is one that expresses the description for defining "Message
Definition" in BNF (Backus-Naur Form).

Normally, the various kinds of transaction definitions including transaction definition
table 30 and transaction definition table 29 are expanded to a huge memory space under
control of the log analysis engine 28 in the inspector site 5, and "Transaction Definition
Table" reference and "Message Table" references a29 and a30 refer to them.

The log analysis engine 28 is started/driven all the time to perform a status simulation
of each of electronic commerce transaction entities 11, 12, 13, and 14.

The log analysis engine 28 refers to transaction definition table 30 and transaction
definition table 29 and reads definition information relating to "Category Of Message",
"Current Status Definition", "Input Event Category", "Subcategory Of Message",
"Message Definition", "Next Status Definition", "Output Event Category", which are
components of "Transaction Definition Table", and "Definition Of Structure in BNF",
which is the component of "Message Table."

Thereafter, the log analysis engine 28 combines the transaction logs 26, 26' and 26"
and constructs the following data structure of "Transaction Group Table" in the huge
memory space under control of the log analysis engine 28, and "Transaction Group Table"
reference a24 refers to this.

Transaction Group Table::={
    Transaction Identifier;
    List of Trace Structure;
    Status; (Complete, Still In Progress)
};

Trace Structure::={
    Entity Identifier Of Sender;
    Entity Identifier Of Receiver;
    Category Of Message;
    Identifier Of Message;
    Time Stamp Value;
};

The data structure "Transaction Group Table" is composed of "Transaction
Identifier", which is used as a main key and bundles individual message transfers as
"Transaction Group Table", "Trace Structure" that means the specific contents of message
transfers, and "Status" that means the statuses of the series of transactions.

Thereafter, the log analysis engine 28 generates a directed graph model with the array
as illustrated in FIG. 2 on memory from "Trace Structure" having the same "Transaction
Identifier." At the time of selecting "Transaction Identifier", one that has only "Status" with
a value of "Still In Progress" is selected. The directed graph model with this array can be
defined by the following expressions (1), (2), (3), and (4):

$(e_n(t_v),\ e_m(t_u),\ D) \in \text{Set of Message}$ ... (1)

$e_n(t_v),\ e_m(t_u) \in \text{Set of Identifier}\ (\forall n,\ \exists m\ \&\&\ n \neq m\ \&\&\ n, m < \infty)\ \text{at}\ t_v, t_u$ ... (2)

$t_v,\ t_u \in \text{Set of Time Stamp}\ (\forall v,\ \exists u\ \&\&\ \{(v < u\ \text{when}\ D = \text{"->"}) \mathbin{||} (v > u\ \text{when other})\})$ ... (3)

$D \in \{\text{"->"},\ \text{"<-"}\}$ ... (4)

A node 101 on the graph including the array 100 of FIG. 2 corresponds to any one of
electronic commerce transaction entities. The electronic commerce transaction entity is
specified by "Entity Identifier Of Sender" or "Entity Identifier Of Receiver" of
"Trace Structure." Each of members 102 and 103 of the array indicates "Time
Stamp", which is time at which transfer of each message is transmitted/received. An arc
104 between the members 102 and 103 means a message transfer direction.

The audit analysis at the log analysis engine 28 is carried out according to the
procedure of FIG. 3.

As a first step, attention is focused on one of electronic commerce transaction entities
to audit compliance with the specifications on mounting. To this end, attention is paid on,
for example, the node 101 of the directed graph of FIG. 2 to extract the corresponding array
100. Then, regarding each member of the array 100, a trial is made to specify the
corresponding "Current Status Definition" and "Next Status Definition", which is a next
status, using "Transaction Definition Table" reference, "Message Table" references a29,
a30 based on the direction of the arc with a string, initial status, and the kind thereof.

If the above is described by expressions, this corresponds to the fact in which ordered
sets, which are given by the following expressions (5), (6), (7), and (8), are specified for every
electronic commerce transaction entity.

(Statos (e^(t,)). Status (e^Ct^)), Status {cJiQ)) ... (5) 

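$\text{Status}(e_n(t_x)) \in \text{Set of Status at } e_n(t_x)\ (\forall n,\ n < \infty)$ at $t_x$ ... (6)
$e_n(t_x) \in \text{Set of Entity Identifier}\ (\forall n,\ n < \infty)$ at $t_x$ ... (7)

$t_x \in \text{Set of Time Stamp}\ (0 < x < \infty)$ ... (8)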

In the case where the ordered set expressed by expression (5) can be led to the stage of
disappearance of "Transaction Identifier", it is proved that no problem is found in terms of
mounting insofar as the verified transaction is concerned.

After that, the log analysis engine 28 designates the identifier of the electronic commerce
transaction entity with respect to the inspect results repository 31 to extract an audit result
record a31 of the electronic commerce transaction entity up to the current time. Then, the
certification result this time is reflected using a fixed algorithm and is returned to the
inspect results repository 31 as a latest audit result record a32.

The log analysis engine 28 performs the aforementioned audit with respect to the
corresponding nodes of all electronic commerce transaction entities, and the first step is
completed.

As a second step, attention is focused on one of the electronic commerce transaction
entities and the log analysis engine 28 audits the response reaction ability. Particularly, in
the case of dealing with finance-related information, the log analysis engine 28 also audits
dishonor possibility verification. To this end, the array of node 101, which is present in the
directed graph of FIG. 2, is extracted to calculate a series of $\Delta t$ that satisfies the condition
shown by expression (9) set forth below, thus generating an ordered set.
$\Delta t = t_y - t_x$

(tx : (e„(tx), ^M, e Set of Message && 
15 ty : (e„(ty), Qjt^, "->") e Set of Message) ... (9) 

$\Delta t$ is the time that elapses before a certain electronic commerce transaction entity returns
a response message after receiving a request message, and serves as a guideline for
describing the processing ability of the electronic commerce transaction entity. Particularly, in
the case where these messages deal with finance-related information, the kind of message is
specified, making it possible to estimate the presence or absence of dishonor possibility.

After that, the log analysis engine 28 designates the identifier of the electronic commerce
transaction entity with respect to the inspect results repository 31 to extract response
reaction/dishonor possibility records a37 of the electronic commerce transaction entity up to
the current time. Then, the audit result this time is reflected using a fixed algorithm and is
returned to the inspect results repository 31 as a latest response reaction/dishonor
possibility record a38.

The log analysis engine 28 performs the aforementioned audit with respect to the
corresponding nodes of all electronic commerce transaction entities, and the second step is
completed.

As a third step, attention is focused on one of the electronic commerce transaction entities
and the log analysis engine 28 audits an abnormality response processing ratio that the
electronic commerce transaction entity issues. To this end, the array of node 101, which is
present in the directed graph of FIG. 2, is extracted to calculate a frequency that satisfies the
condition shown by expression (10) set forth below.

If (Req (e„(t^, eJiQ, «<-") && Err (e,(g, e,(tj, {True;} 
else if (Req (e„(tj, e„(g, «^") && Res (e„(g, e„(t^, «^")) {Failure;} 
10 else {Failui«;} ... (10) 

In the case where the category of Definition of Function Req: 
Vm : m = (qJX^, e„(tj, "<-") e Set of Message is "Requesf , Req(m) = True; ... (1 1) 
In the case where the category of Definition of Function Res: 
Vm : m = (e„(t^, e„(tj, "^") e Set of Message is "Normal Response", Res(m) = 
15 True; ... (12) 

In the case where the category of Definition of Function Err:

Vm : m = (e„(tj, e„(tj, "->") e Set of Message is "Abnormal Response", Err(m) = 

True; ... (13) 

Expressions (11), (12), and (13) are functional definitions. In expression (11), if the
kind of message to be dealt with corresponds to "request", "true" is established. In
expression (12), if the kind of message to be dealt with corresponds to "normal response",
"true" is established. In expression (13), if the kind of message to be dealt with corresponds
to "abnormal response", "true" is established.

The meaning of expression (10) is a conditional definition for calculating the frequency
at which the abnormal response is generated. In the case of high frequency, it is estimated that the
electronic commerce transaction entity has a problem in terms of the application system to
be connected. This frequency is traced for a long time to make it possible to clarify the
problem.

After that, the log analysis engine 28 designates the identifier of the electronic commerce
transaction entity with respect to the inspect results repository 31 to extract abnormal
response processing ratio audit records a39 of the electronic commerce transaction entity up to
the current time. Then, the audit result this time is reflected using a fixed algorithm and is
returned to the inspect results repository 31 as a latest abnormal response processing ratio
audit record a40.

The log analysis engine 28 performs the aforementioned audit with respect to the
corresponding nodes of all electronic commerce transaction entities, and the third step is
completed.
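
The second and third steps both come down to pairing each request an entity receives with the response it sends back. The sketch below is an added example, not code from the patent; the record fields, the sample log, the use of answered requests as the ratio's denominator, and the separate count of unanswered requests are assumptions.

```python
from collections import namedtuple

# One record per message as seen at one entity's node. Field names are
# constructed stand-ins for the page's "Trace Structure" members.
Trace = namedtuple("Trace", "txn entity peer direction category time_ms")

SHOP, BANK = "https://shop.example/ec", "https://bank.example/ec"

# Constructed sample log (not from the patent); time stamps in milliseconds.
SAMPLE_LOG = [
    Trace("T1", SHOP, BANK, "<-", "Request", 1000),
    Trace("T1", SHOP, BANK, "->", "Normal Response", 1400),
    Trace("T2", SHOP, BANK, "<-", "Request", 2000),
    Trace("T2", SHOP, BANK, "->", "Abnormal Response", 2050),
    Trace("T3", SHOP, BANK, "<-", "Request", 3000),
    Trace("T3", SHOP, BANK, "->", "Normal Response", 9000),
    Trace("T4", SHOP, BANK, "<-", "Request", 9500),    # never answered
    Trace("T5", SHOP, BANK, "<-", "Request", 10000),
    Trace("T5", SHOP, BANK, "->", "Normal Response", 10200),
    Trace("T6", BANK, SHOP, "->", "Request", 9900),    # the bank's own node
]

RESPONSES = ("Normal Response", "Abnormal Response")

def audit_entity(log, entity):
    """Steps 2 and 3 for one node: delta-t series and abnormal-response ratio."""
    pending = {}                      # (txn, peer) -> t_x, arrival of the request
    deltas, abnormal, unanswered = [], 0, 0
    own = sorted((m for m in log if m.entity == entity), key=lambda m: m.time_ms)
    for m in own:
        key = (m.txn, m.peer)
        if m.direction == "<-" and m.category == "Request":
            if key in pending:        # a second request before any response
                unanswered += 1
            pending[key] = m.time_ms
        elif m.direction == "->" and m.category in RESPONSES and key in pending:
            deltas.append(m.time_ms - pending.pop(key))   # delta-t = t_y - t_x
            abnormal += m.category == "Abnormal Response"
    unanswered += len(pending)        # requests still open at the end of the log
    ratio = abnormal / len(deltas) if deltas else 0.0
    return {"delta_t_ms": deltas, "abnormal_ratio": ratio, "unanswered": unanswered}

def slow_responses(deltas, limit_ms):
    """Flag delta-t values above a threshold the auditor chooses (assumed)."""
    return [d for d in deltas if d > limit_ms]
```

Tracking unanswered requests separately keeps an entity that silently drops requests from looking healthier than one that answers with an error.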

After carrying out the first, second, and third steps, the log analysis engine 28 erases
the directed graph model from the memory, and rewrites "Status" of "Transaction
Identifier" of "Transaction Group Table" obtained from "Transaction Group Table"
reference a24 to "Complete." After that, the log analysis engine 28 regenerates the similar
directed graph model on the memory from "Trace Structure" in which "Status" has a value
of "Still In Progress" and which corresponds to "Transaction Identifier." In the case where
no appropriate "Transaction Identifier" can be extracted, the "Transaction Group Table"
reference a24 is refreshed and processing goes to a next processing round.

In the case where the electronic commerce transaction entity 14 mounted on the
company D9 of FIG. 1 performs message communication with other electronic commerce
transaction entity according to the start of electronic commerce transaction with other
company, the electronic commerce transaction entity 14 sends an audit service information
provision request a33 to the audit information service 32 of inspector site 5. The audit
service information provision request a33 takes the following structural components:
Audit Service Request::={
Entity Identifier Of Requester;
Entity Identifier Of Opposite;
Signature Of Requester;
Key Information;
};

"Entity Identifier Of Requester" in the audit service information provision request
a33 means an access point relating to the electronic commerce transaction entity 14 and it is
described by URI (Uniform Resource Identifier) which is fixed by the World Wide Web
Consortium (W3C). Also, "Entity Identifier Of Opposite" means an access point relating to
the electronic commerce transaction entity of estimation/assessment destination, and it is
similarly described by URI (Uniform Resource Identifier) which is fixed by the World Wide Web
Consortium (W3C).

"Signature Of Requester" in the audit service information provision request a33
means that a signature is placed on "Entity Identifier Of Requester" and "Entity Identifier
Of Opposite" of "Audit Service Request" using the private key of the electronic commerce
transaction entity 14. In contrast to this, "Key Information" is information relating to a
public key certification corresponding to the private key.

When receiving the audit service information provision request a33, the audit
information service 32 verifies "Signature Of Requester", which is the signature, and
confirms that it is the request sent from the electronic commerce transaction entity 14 to
extract "Entity Identifier Of Opposite." Thereafter, the audit information service 32 issues
an inquiry request a34 as an argument to the inspect results repository 31 using "Entity
Identifier Of Opposite."
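
The request signing and the service-side check described above can be sketched as follows. This is an added example, not code from the patent: Ed25519 (via the `cryptography` package), the length-prefixed encoding of the two signed fields, the `trusted_keys` table standing in for validation of the public key certification, and the example URIs are all assumptions.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)

def signed_bytes(requester, opposite):
    """Length-prefix each signed field so field boundaries cannot be shifted."""
    out = b""
    for field in (requester, opposite):
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def make_request(private_key, requester, opposite):
    """Build an Audit Service Request; Ed25519 is an assumed algorithm."""
    public_raw = private_key.public_key().public_bytes(
        serialization.Encoding.Raw, serialization.PublicFormat.Raw)
    return {
        "Entity Identifier Of Requester": requester,
        "Entity Identifier Of Opposite": opposite,
        "Signature Of Requester": private_key.sign(signed_bytes(requester, opposite)),
        "Key Information": public_raw,
    }

def verify_request(request, trusted_keys):
    """Return "Entity Identifier Of Opposite" only if the request is authentic."""
    requester = request["Entity Identifier Of Requester"]
    opposite = request["Entity Identifier Of Opposite"]
    key = request["Key Information"]
    # The key arrives inside the request, so it must match a key the service
    # already binds to this requester (stand-in for certificate validation).
    if trusted_keys.get(requester) != key:
        return None
    try:
        Ed25519PublicKey.from_public_bytes(key).verify(
            request["Signature Of Requester"], signed_bytes(requester, opposite))
    except InvalidSignature:
        return None
    return opposite

def demo():
    """Constructed run: a good request, a tampered one, a self-asserted key."""
    entity, other = Ed25519PrivateKey.generate(), Ed25519PrivateKey.generate()
    me, peer = "https://d9.example/ec", "https://supplier.example/ec"
    good = make_request(entity, me, peer)
    trusted = {me: good["Key Information"]}
    tampered = {**good, "Entity Identifier Of Opposite": "https://x.example/ec"}
    forged = make_request(other, me, peer)     # signed with an unregistered key
    return [verify_request(r, trusted) for r in (good, tampered, forged)]
```

Only the first request in `demo()` yields an identifier to query; the tampered and self-asserted ones return `None` before the repository is consulted.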

The inspect results repository 31 generates an inquiry request a35 including the latest
audit result record a32, latest response reaction/dishonor possibility record a38, latest
abnormal response processing ratio audit record a40, and responds to the audit information
service 32.

After that, the audit information service 32 responds an audit service information
provision response a36 to the electronic commerce transaction entity 14. The audit service
information provision response a36 takes the following structural components:
Audit Service Response::={
Entity Identifier Of Requester;
Entity Identifier Of Opposite;
Audit Item [1];
Audit Item [2];
Audit Item [3];

Signature Of Responsor;
Key Information;
};

"Entity Identifier Of Requester" and "Entity Identifier Of Opposite" in the audit
service information provision response a36 are the same as those of the audit service
information provision request a33. "Audit Item [1]", "Audit Item [2]" and "Audit Item [3]"
mean the latest audit result record a32, latest response reaction/dishonor possibility record
a38, and latest abnormal response processing ratio audit record a40, respectively.

"Signature Of Responsor" in the audit service information provision response a36
means that a signature is placed on "Audit Service Response", excepting "Signature Of
Responsor" and "Key Information", using the private key of inspector site 5. In contrast
to this, "Key Information" is information relating to a public key certification
corresponding to that private key.

Thus, processing of the electronic commerce transaction audit system of this 
embodiment is ended. 

(Second embodiment) 

An explanation will next be given of the second embodiment of the present invention
with reference to the accompanying drawings. FIG. 4 is a block diagram
illustrating the system structure of the present embodiment.

As illustrated in FIG. 4, the present embodiment includes a storage medium 41 and
storage medium 42 in addition to the structure of the first embodiment. Here, in FIG. 4,
though the specific structure and the flow of information are omitted, it is assumed that the
structural components illustrated in this figure are the same as those of FIG. 1. Moreover, it
is assumed that information transmitted/received among these structures is completely the
same as that of FIG. 1.

In FIG. 4, a program for executing processing, which the scope A transaction
supervise site 3 and scope B transaction supervise site 4 should perform, is recorded on the
storage medium 41. A program for executing processing, which the inspector site 5 should
perform, is recorded on the storage medium 42. The scope A transaction supervise site 3 or
scope B transaction supervise site 4 performs the same processing as the first embodiment
under control of the program loaded from the storage medium 41 and control of the
program loaded from the storage medium 42, respectively.

The storage mediums 41 and 42 may be storage mediums including magnetic disk,
semiconductor memory, and so on. Moreover, the program may be divided into a storage
medium group including a plurality of storage mediums, and recorded thereon.

Accordingly, the present invention comprises a plurality of electronic notarize means
for uniformly stamping time on all exchange messages on the electronic commerce
transaction to record and store them. Each electronic notarize means has a function of vying
with other electronic notarize means to take a mutual notarization of all exchange messages
recorded and stored. This makes it possible to improve reliability of an auditor and the
system itself.

Moreover, the present invention comprises agent for gathering transaction log means
for automatically collecting all exchange messages notarized and recorded depressively by
the plurality of electronic notarize means in connection with the electronic commerce
transaction so as to reproduce them as an event of the entire wide network area, agent for
gathering protocol standards means for automatically collecting protocols of the
specifications on the electronic commerce transaction, whereby correctly grasping an event
to be generated in the entire wide network area, and a log analysis engine for comparing the
event of the entire wide network area reproduced by the agent for gathering transaction log
means with the event to be generated in the entire wide network area grasped by the agent
for gathering protocol standards means, whereby carrying out an objective audit. This
makes it possible to perform an audit that grasps a wide network area to verify the event.

Still moreover, the present invention comprises agent for gathering transaction log
means for automatically collecting all exchange messages notarized and recorded
depressively by the plurality of electronic notarize means in connection with the electronic
commerce transaction so as to reproduce them as an event of the entire wide network area,
agent for gathering protocol standards means for automatically collecting protocols of the
specifications on the electronic commerce transaction, whereby correctly grasping an event
to be generated in the entire wide network area, and a log analysis engine for comparing the
event of the entire wide network area reproduced by the agent for gathering transaction log
means with the event to be generated in the entire wide network area grasped by the agent
for gathering protocol standards means, whereby carrying out an objective audit. This
makes it possible to judge the content of message and perform an audit.

Still moreover, according to the present invention, it is possible to audit whether or
not a computer for exchanging a message of each participating organization including
companies is mounted in such a manner that satisfies various kinds of requirements on
specifications relevant to the electronic commerce transaction and whether or not there is a
problem in the processing ability under the environment of electronic commerce
transaction implemented by a computer connected to a network.

Various embodiments and changes may be made thereunto without departing from the
broad spirit and scope of the invention. The above-described embodiments are intended to
illustrate the present invention, not to limit the scope of the present invention. The scope of
the present invention is shown by the attached claims rather than the embodiments. Various
modifications made within the meaning of an equivalent of the claims of the invention and
within the claims are to be regarded to be in the scope of the present invention.

This application is based on Japanese Patent Application No. 2000-298939 filed on
September 29, 2000 and including specification, claims, drawings and summary. The
disclosure of the above Japanese Patent Application is incorporated herein by reference in
its entirety.



